About to blow my computer up!!


Post by Toby B. » Thu Jul 09, 2009 1:28 pm

Since joining Facebook and "downgrading" <--- HUGE bit of sarcasm meant to IE8 I am getting slammed with viruses/trojans/malware galore. AVG 8.5 is about freaking useless. Goes for about 12 hours a scan and does not clean/move a damned thing...

Every time I blink my eyes I am seeing some form of _______________ 2009 crap pop up in my face.

Malware Bytes won't open, Spybot won't open....

Post by fussnfeathers » Thu Jul 09, 2009 2:00 pm

Ahhhhh you got THAT one. Do a search for Antivirus2009, you'll find removal instructions. It's a nasty one......your task manager won't open either, will it?

http://www.pchubs.com/blogs/antivirus-2 ... ivirus2009 has a pretty thorough removal walkthrough, and a free little utility that helps, although other pages detail it a little further so you don't need a removal tool.
Faster than the speed of snot

Two wrongs don't make it right, but I sleep pretty good at night

Post by Mr T » Fri Jul 10, 2009 12:19 pm

Boot into safe mode and run Malwarebytes and Superantispyware from there...
I have been programming on computers since the ZX81.
I am an apprentice trained Electronics Engineer with qualifications to back it up.
I have been repairing computers since 1996.
Yet to some people I still know nothing...

Post by Toby B. » Fri Jul 10, 2009 1:18 pm

Mr T wrote: Boot into safe mode and run Malwarebytes and Superantispyware from there...
Tried that. The system was in near lock down. Crap that should have worked didn't. After about 5 rounds of destroying things with HJT, I got it so AVG would run but that was a fruitless waste of time as it never really cleaned what it said it did.

I picked up a Computer Associates AV/Spyware program from a local shop, which I was able to get for free..... Now things are working again for the most part. Still more work to do on it but it's getting better.

Ultimately I gave AVG the old heave ho..

Post by TriAngle » Mon Jul 13, 2009 7:03 am

TobyB,
I am running XP and Vista and use ZoneAlarm Internet Security Suite 2009 (about $39.95/year online). I believe the AntiVirus part of it is Computer Associates. I never have a problem, and hope to stay that way. I have also been using SUPERAntiSpyware for the past few years with good luck, also.

Just remember to disable System Restore before booting into Safe Mode and scanning for nasties, but you already know that.

Good luck. And thanks for all your help in the past.
"Common sense is not so common." - Voltaire

Post by evasive » Mon Jul 20, 2009 9:08 pm

When I encounter an AntiVirus2009 infection I back up and do a full reinstall, reason being this POS constantly changes and puts new cr*p everywhere in Windows. It is virtually impossible to restore 100% because it also opens your system to other baddies...
We hate rut, but we fear change.
********************************
System error, strike any user to continue...

Post by Toby B. » Fri Aug 21, 2009 8:26 am

I'm about two milliseconds from saying to HELL with windblows..... I get home from work today and am watching a movie on the PC (DL from Blockbuster), and this ______________ $*%^$ starts again. Windows Antivirus Pro.

CA is set up just as AVG was (to auto update and scan).. Now CA is disabled and Malwarebytes won't start either.....

This is pissing me off, simply 'cause I don't have the $200+ to get another OS disk...

Post by Toby B. » Fri Aug 21, 2009 12:06 pm

Ok I went into safe mode and was able to run Malwarebytes (found 60 infections). I then rebooted into normal mode and Spybot started right off the bat... I saved the report of what it found. I did select clean all but by looking at the report, it may or may not have cleaned it...


--- Search result list ---
Microsoft.Windows.ActiveDesktop: [SBI $99FAD8A8] User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper

Microsoft.Windows.ActiveDesktop: [SBI $99FAD8A8] User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper

Microsoft.Windows.Explorer: [SBI $1931FF4D] Settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges

Microsoft.Windows.Explorer: [SBI $1931FF4D] Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges

Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start

Virtumonde: [SBI $92386332] Library (File, nothing done)
C:\WINDOWS\system32\unicows.dll

Virtumonde.Dll: [SBI $92386332] Library (File, nothing done)
C:\WINDOWS\system32\zipfldr.dll

Win32.TDSS.rtk: [SBI $52718CC2] File (File, nothing done)
C:\WINDOWS\system32\drivers\hjgruinscurtbe.sys

Win32.TDSS.rtk: [SBI $FD7B715A] File (File, nothing done)
C:\WINDOWS\system32\hjgruighqewhbw.dll

Win32.TDSS.rtk: [SBI $FD7B715A] File (File, nothing done)
C:\WINDOWS\system32\hjgruikuppnsch.dll

Win32.TDSS.rtk: [SBI $2A4B8272] File (File, nothing done)
C:\WINDOWS\temp\hjgruierxmbcopcy.tmp

Win32.TDSS.rtk: [SBI $6361226C] File (File, nothing done)
C:\WINDOWS\system32\hjgruincpbjumw.dat

Win32.TDSS.rtk: [SBI $6361226C] File (File, nothing done)
C:\WINDOWS\system32\hjgruiovubxmhx.dat

Win32.TDSS.rtk: [SBI $83AE5231] File (File, nothing done)
C:\WINDOWS\system32\UACpvfhfusagorodoicu.dat

Statcounter: Tracking cookie (Internet Explorer: Toby Bibeau) (Cookie, nothing done)


MediaPlex: Tracking cookie (Internet Explorer: Toby Bibeau) (Cookie, nothing done)


DoubleClick: Tracking cookie (Internet Explorer: Toby Bibeau) (Cookie, nothing done)


MediaPlex: Tracking cookie (Internet Explorer: Toby Bibeau) (Cookie, nothing done)


FastClick: Tracking cookie (Internet Explorer: Toby Bibeau) (Cookie, nothing done)


Right Media: Tracking cookie (Internet Explorer: Toby Bibeau) (Cookie, nothing done)


Zedo: Tracking cookie (Internet Explorer: Toby Bibeau) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Internet Explorer: Toby Bibeau) (Cookie, nothing done)


Clickbank: Tracking cookie (Internet Explorer: Toby Bibeau) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---


--- System information ---
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
size: 6144
PID: 648 ( 416) \??\C:\WINDOWS\system32\winlogon.exe
size: 507904
PID: 744 ( 648) C:\WINDOWS\system32\services.exe
size: 110592
MD5: 65DF52F5B8B6E9BBD183505225C37315
PID: 756 ( 648) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: BF2466B3E18E970D8A976FB95FC1CA85
PID: 968 ( 744) C:\WINDOWS\system32\Ati2evxx.exe
size: 598016
MD5: B8DBF155EAE86B1468FEEA472E94AEFB
PID: 1032 ( 744) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1140 ( 744) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1228 ( 744) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1296 ( 744) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1344 ( 648) C:\WINDOWS\system32\Ati2evxx.exe
size: 598016
MD5: B8DBF155EAE86B1468FEEA472E94AEFB
PID: 1480 ( 744) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1596 ( 744) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
PID: 1716 ( 744) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1776 ( 744) C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
size: 411168
MD5: C0C8248730EBB49BD8DF2B0981FCA312
PID: 1812 ( 744) C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
size: 144696
MD5: 58DA9AB565E54A3A7C1FB53CEB075F49
PID: 1928 ( 744) C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
size: 283888
MD5: 5E849A81827D643E7E35575E14225E92
PID: 192 ( 744) C:\Program Files\Java\jre6\bin\jqs.exe
size: 152984
MD5: 44FFBA62F0F426B581759C49AAFEC2E2
PID: 456 ( 744) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
size: 322120
MD5: 11F714F85530A2BD134074DC30E99FCA
PID: 480 ( 404) C:\WINDOWS\Explorer.EXE
size: 1033728
MD5: 12896823FB95BFB3DC9B46BCAEDC9923
PID: 508 ( 744) C:\PROGRA~1\BLOCKB~1\BLOCKB~1\MovielinkCore.exe
size: 1867720
MD5: F8DA514BA3DDD6470C4D018B5AD31789
PID: 664 ( 480) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5146448
MD5: 2ECA8CDEED7C82F879E766DA92A3561A
PID: 1200 ( 744) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1396 ( 744) C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
size: 255216
MD5: C2FDBA6CFD5762EAA6D20E7E235CF4E0
PID: 1608 ( 744) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
size: 602392
MD5: DD0042F0C3B606A6A8B92D49AFB18AD6
PID: 304 ( 744) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 8C515081584A38AA007909CD02020B3D
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 8/21/2009 3:41:54 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: CA ISafe LSP over [MSAFD Tcpip [TCP/IP]]
GUID: {F97F3228-3A03-4D83-AD9C-D86AEF099196}
Filename: C:\WINDOWS\system32\VetRedir.dll

Protocol 1: CA ISafe LSP over [MSAFD Tcpip [UDP/IP]]
GUID: {F97F3228-3A03-4D83-AD9C-D86AEF099196}
Filename: C:\WINDOWS\system32\VetRedir.dll

Protocol 2: CA ISafe LSP over [MSAFD Tcpip [RAW/IP]]
GUID: {F97F3228-3A03-4D83-AD9C-D86AEF099196}
Filename: C:\WINDOWS\system32\VetRedir.dll

Protocol 28: CA ISafe LSP
GUID: {AE2578B4-F478-4313-9A3E-1B83F7A643DF}
Filename: C:\WINDOWS\system32\VetRedir.dll



--- Uninstall list ---
(AddressBook)

Adobe Flash Player 10 ActiveX 10.0.32.18 (Adobe Flash Player ActiveX)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
publisher: Adobe Systems Incorporated
help link: http://www.adobe.com/go/flashplayer_support/

ATI - Software Uninstall Utility 6.14.10.1022 (All ATI Software)
install location: C:\Program Files\ATI Technologies\UninstallAll
uninstall cmd: C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI Display Driver 8.573-090113a-074230C-ATI (ATI Display Driver)
uninstall cmd: rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

(Branding)

CCleaner (remove only) (CCleaner)
uninstall cmd: "C:\Program Files\CCleaner\uninst.exe"
publisher: Piriform

(Connection Manager)

Crimson Editor (remove only) (Crimson Editor)
uninstall cmd: C:\Program Files\Crimson Editor\uninstall.exe

(DirectAnimation)

(DirectDrawEx)

DVD Shrink 3.2 (DVD Shrink_is1)
install location: C:\Program Files\DVD Shrink\
uninstall cmd: "C:\Program Files\DVD Shrink\unins000.exe"
publisher: DVD Shrink
help link: http://www.dvdshrink.org

(DXM_Runtime)

CA Internet Security Suite 4.0.0.205 (eTrust Suite Personal)
install location: C:\Program Files\CA\CA Internet Security Suite
uninstall cmd: "C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u
publisher: CA, Inc.
help link: http://www.my-etrust.com/Redirect/router.aspx?OEM= &prod=SL&app=inclient&lang=en&date=1247255963&link_id=1&dest=main_support&lic=4Y4TKECWXGCYIEXRWMIC&ver=4.0.0.115

(Fontcore)

FTP Commander (FTP Commander)
uninstall cmd: C:\Program Files\FTP Commander\uninstall.exe

HighPoint ATA RAID Management Software (HighPoint ATA RAID Management Software)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\HighPoint Technologies, Inc\HighPoint ATA RAID Management Software\Uninst.isu"

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\hjt\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

(ICW)

Microsoft Internationalized Domain Names Mitigation APIs (IDNMitigationAPIs)
install date: 20070925
uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

(IE40)

(IE4Data)

(IE5BAKEX)

Windows Internet Explorer 7 20061107.210142 (ie7)
install date: 20070925
publisher: Microsoft Corporation
help link: http://www.microsoft.com/ie

(IEData)

(InstallShield Uninstall Information)

(KB884016)

(KB884267)

(KB885353)

(KB886612)

(KB887078)

(KB887626)

(KB888656)

(KB889858)

(KB891122)

(KB892313)

(KB893240)

(KB893241)

(KB893803)

(KB895181)

(KB895316)

(KB895572)

(KB897586)

(KB898549)

(KB900399)

(KB902344)

(KB907658)

(KB911565)

(KB911854)

Security Update for Windows XP (KB923789) (KB923789)
uninstall cmd: C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923789

Security Update for Windows Internet Explorer 7 (KB937143) 1 (KB937143-IE7)
install date: 20070925
uninstall cmd: "C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=937143

Security Update for Windows Internet Explorer 7 (KB938127) 1 (KB938127-IE7)
install date: 20070925
uninstall cmd: "C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=938127

Security Update for Windows Internet Explorer 7 (KB939653) 1 (KB939653-IE7)
install date: 20071011
uninstall cmd: "C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=939653

(KB941569)

Security Update for Windows Internet Explorer 7 (KB942615) 1 (KB942615-IE7)
install date: 20071212
uninstall cmd: "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=942615

Security Update for Windows Internet Explorer 7 (KB944533) 1 (KB944533-IE7)
install date: 20080213
uninstall cmd: "C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=944533

(KB946648)

Hotfix for Windows Internet Explorer 7 (KB947864) 1 (KB947864-IE7)
install date: 20080503
uninstall cmd: "C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=947864

Security Update for Windows Internet Explorer 7 (KB950759) 1 (KB950759-IE7)
install date: 20080812
uninstall cmd: "C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=950759

(KB950762)

(KB950974)

(KB951066)

(KB951376-v2)

(KB951698)

(KB951748)

(KB952287)

(KB952954)

Hotfix for Windows XP (KB954550-v5) 5 (KB954550-v5)
install date: 20081124
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=954550

(KB957095)

(KB957097)

Security Update for Windows Internet Explorer 7 (KB958215) 1 (KB958215-IE7)
install date: 20090110
uninstall cmd: "C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=958215

Security Update for Windows Internet Explorer 7 (KB960714) 1 (KB960714-IE7)
install date: 20090110
uninstall cmd: "C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=960714

Security Update for Windows Internet Explorer 7 (KB961260) 1 (KB961260-IE7)
install date: 20090213
uninstall cmd: "C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=961260

Security Update for Windows Internet Explorer 7 (KB969897) 1 (KB969897-IE7)
install date: 20090710
uninstall cmd: "C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=969897

Security Update for Windows Internet Explorer 7 (KB972260) 1 (KB972260-IE7)
install date: 20090728
uninstall cmd: "C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=972260

K-Lite Mega Codec Pack 2.01 2.01 (KLiteCodecPack_is1)
install date: 20070508
install location: C:\Program Files\K-Lite Codec Pack\
uninstall cmd: "C:\Program Files\K-Lite Codec Pack\unins000.exe"

Malwarebytes' Anti-Malware (Malwarebytes' Anti-Malware_is1)
install date: 20090809
install location: C:\Program Files\Malwarebytes' Anti-Malware\
uninstall cmd: "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
publisher: Malwarebytes Corporation
help link: http://www.malwarebytes.org

Microsoft .NET Framework 3.5 SP1 (Microsoft .NET Framework 3.5 SP1)
install location: C:\WINDOWS\Microsoft.NET\Framework\v3.5\
uninstall cmd: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=120337

(MobileOptionPack)

BLOCKBUSTER Movielink (Movielink Manager)
uninstall cmd: C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\Movielink Util.exe /uninstall
publisher: Blockbuster

(MPlayer2)

Microsoft Compression Client Pack 1.0 for Windows XP 1 (MSCompPackV1)
install date: 20081124
uninstall cmd: "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=74087

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

Ahead Nero Burning ROM (Nero - Burning Rom!UninstallKey)
uninstall cmd: C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

(NetMeeting)

Microsoft National Language Support Downlevel APIs (NLSDownlevelMapping)
install date: 20070925
uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

NVIDIA Drivers (NVIDIA Drivers)
uninstall cmd: C:\WINDOWS\system32\nvudisp.exe UninstallGUI

(OutlookExpress)

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

(SchedulingAgent)

TeamSpeak 2 RC2 2.0.32.60 (Teamspeak 2 RC2_is1)
uninstall cmd: "C:\Program Files\Teamspeak2_RC2\unins000.exe"
publisher: Dominating Bytes Design
help link: http://www.teamspeak.org

CA Anti-Virus 9.0.0.190 (VETWIN32Vp5)
estimated size: 25600
install location: C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus
uninstall cmd: C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\unvet32.exe
publisher: CA, Inc.

VIA Rhine-Family Fast Ethernet Adapter (VN_VUIns_Rhine_VIA)
uninstall cmd: Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA

Windows Genuine Advantage Notifications (KB905474) 1.8.0031.9 (WgaNotify)
install date: 20090110
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905474

Windows Imaging Component 3.0.0.0 (WIC)
install date: 20081124
uninstall cmd: "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

Windows Media Format 11 runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
help link: http://go.microsoft.com/fwlink/?LinkId=62768

Windows Media Player 11 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows XP Service Pack 3 20080414.031525 (Windows XP Service Pack)
install date: 20090110
uninstall cmd: "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=936929

WinRAR archiver (WinRAR archiver)
uninstall cmd: C:\Program Files\WinRAR\uninstall.exe

(WMCSetup)

Windows Media Format 11 runtime (WMFDist11)
install date: 20081124
uninstall cmd: "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http:

Windows Media Player 11 (wmp11)
install date: 20081124
uninstall cmd: "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http:

World of Warcraft 3.2.0.10314 (World of Warcraft)
install location: C:\Program Files\World of Warcraft\
install source: C:\Program Files\World of Warcraft\
uninstall cmd: C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
publisher: Blizzard Entertainment

Microsoft User-Mode Driver Framework Feature Pack 1.0 (Wudf01000)
install date: 20081124
uninstall cmd: "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
comments: Build Number 5716

Yahoo! Toolbar (Yahoo! Companion)
uninstall cmd: C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

Yahoo! Software Update (Yahoo! Software Update)
uninstall cmd: C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE

(Yahoo! Toolbar)
uninstall cmd: C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

Yahoo! Install Manager (YInstHelper)
uninstall cmd: C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 9.0.30729.4148 ({002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C})
version: 151025673
version (major): 9
estimated size: 149
install date: 20090728
install source: i:\59c65a2b9164aa938914\
uninstall cmd: MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
publisher: Microsoft Corporation

MSXML 6 Service Pack 2 (KB954459) 6.20.1099.0 ({1A528690-6A2D-4BC5-B143-8C4AE8D19D96})
version: 101975115
version (major): 6
version (minor): 20
estimated size: 1369
install date: 20081212
install source: g:\511b041fecd8ac2a9946\
uninstall cmd: MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/954459

Java(TM) 6 Update 14 6.0.140 ({26A24AE4-039D-4CA4-87B4-2F83216014FF})
version: 100663436
version (major): 6
estimated size: 97228
install date: 20090709
install location: C:\Program Files\Java\jre6\
install source: C:\Documents and Settings\Administrator\Application Data\Sun\Java\jre1.6.0_14\
uninstall cmd: MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre6\README.txt

J2SE Runtime Environment 5.0 Update 3 1.5.0.30 ({3248F0A8-6813-11D6-A77B-00B0D0150030})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 146909
install date: 20070508
install source: http://java.sun.com/webapps/download/Ge ... dows-i586/
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.5.0_03\README.txt

Java(TM) SE Runtime Environment 6 Update 1 1.6.0.10 ({3248F0A8-6813-11D6-A77B-00B0D0160010})
version: 17170432
version (major): 1
version (minor): 6
estimated size: 163726
install date: 20070510
install source: http://javadl.sun.com/webapps/download/ ... dows-i586/
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.6.0_01\README.txt

Java(TM) 6 Update 2 1.6.0.20 ({3248F0A8-6813-11D6-A77B-00B0D0160020})
version: 17170432
version (major): 1
version (minor): 6
estimated size: 136370
install date: 20070816
install source: http://javadl.sun.com/webapps/download/ ... dows-i586/
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.6.0_02\README.txt

Java(TM) 6 Update 3 1.6.0.30 ({3248F0A8-6813-11D6-A77B-00B0D0160030})
version: 17170432
version (major): 1
version (minor): 6
estimated size: 136430
install date: 20071020
install source: http://javadl.sun.com/webapps/download/ ... dows-i586/
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.6.0_03\README.txt

Java(TM) 6 Update 5 1.6.0.50 ({3248F0A8-6813-11D6-A77B-00B0D0160050})
version: 17170432
version (major): 1
version (minor): 6
estimated size: 139422
install date: 20080324
install source: http://javadl.sun.com/webapps/download/ ... dows-i586/
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.6.0_05\README.txt

Java(TM) 6 Update 7 1.6.0.70 ({3248F0A8-6813-11D6-A77B-00B0D0160070})
version: 17170432
version (major): 1
version (minor): 6
estimated size: 139514
install date: 20080914
install source: http://javadl.sun.com/webapps/download/ ... dows-i586/
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.6.0_07\README.txt

WebFldrs XP 9.50.7523 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154279267
version (major): 9
version (minor): 50
estimated size: 2472
install date: 20070503
install source: C:\WINDOWS\system32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

ATI Parental Control & Encoder 3.0 ({36CDA33B-909B-4719-97D1-C4B99309BDC7})
version: 50331648
version (major): 3
estimated size: 56
install date: 20080220
install location: C:\WINDOWS\system32\
install source: D:\Install Pack\ATIPCE\
uninstall cmd: MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
publisher: ATI Technologies Inc.
contact: Customer Support Department
help link: http://support.ati.com
help telephone: 1-905-882-2600

Adobe® Photoshop® Album Starter Edition 3.0 3.00.000 ({4BDFD2CE-6329-42E4-9801-9B3D1F10D79B})
version: 50331648
version (major): 3
estimated size: 16717
install date: 20070505
install location: C:\Program Files\Adobe\Photoshop Album Starter Edition\
install source: C:\WINDOWS\Downloaded Installations\{8379D168-79F6-4394-81A2-BB1944E8F892}\
uninstall cmd: MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
publisher: Adobe Systems, Inc.
readme: C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\ReadMe.txt

AVIVO 9.14.0.60504 ({5399ACAF-7B15-43D5-9233-4E797B184FD2})
version: 151912448
version (major): 9
version (minor): 14
estimated size: 2692
install date: 20080220
install location: C:\Program Files\Common Files\ATI Technologies\Multimedia\
install source: D:\Install Pack\AVIVO\
uninstall cmd: MsiExec.exe /X{5399ACAF-7B15-43D5-9233-4E797B184FD2}
publisher: ATI Technologies Inc.
contact: From online registration through personal assistance, ATI Customer Care is focused on delivering accurate, up-to-date product support for optimum usability and performance.
help link: http://www.ati.com/support

Windows Live Messenger 8.1.0178.00 ({571700F0-DB9D-4B3A-B03D-35A14BB5939F})
version: 134283442
version (major): 8
version (minor): 1
estimated size: 31815
install date: 20070504
uninstall cmd: MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
publisher: Microsoft Corporation

ATI Problem Report Wizard 8.10 ({5DA6F06A-B389-407B-BF8C-1548767914D8})
version: 134873088
version (major): 8
version (minor): 10
estimated size: 1369
install date: 20080220
install location: C:\Program Files\ATI Technologies\PRW\
install source: D:\Install Pack\PRW\
uninstall cmd: MsiExec.exe /X{5DA6F06A-B389-407B-BF8C-1548767914D8}
publisher: ATI Technologies
comments: ATI offers a wide variety of product support including driver downloads, technical and warranty information.
contact: ATI Customer Support Department
help link: http://support.ati.com
help telephone: 1-905-882-2626

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) 8.1.2 ({6846389C-BAC0-4374-808E-B120F86AF5D7})
version: 134283266
version (major): 8
version (minor): 1
estimated size: 8180
install date: 20080730
install location: C:\Program Files\Adobe\Security Update\
install source: C:\Documents and Settings\Toby Bibeau\Local Settings\Application Data\Adobe\Updater5\Install\reader8rdr-en_US\
uninstall cmd: MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
publisher: Adobe Systems, Inc
comments: Your Comments
contact: Customer Support Department
help link: http://www.Adobe.com
help telephone: 1-555-555-4505

Microsoft Visual C++ 2005 Redistributable 8.0.56336 ({7299052b-02a4-4627-81f2-1818da5d550d})
version: 134274064
version (major): 8
estimated size: 5330
install date: 20090616
install source: C:\DOCUME~1\TOBYBI~1\LOCALS~1\Temp\AVGDownloadManager\packages\51\
uninstall cmd: MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
publisher: Microsoft Corporation

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 8.0.50727.4053 ({770657D0-A123-3C07-8E44-1C83EC895118})
version: 134268455
version (major): 8
estimated size: 109
install date: 20090728
install source: i:\a703652b57f3a781c5b2e4876f946d08\
uninstall cmd: MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
publisher: Microsoft Corporation

Ventrilo Client 3.0.5 ({789289CA-F73A-4A16-A331-54D498CE069F})
version: 50331653
version (major): 3
estimated size: 4540
install date: 20090819
install source: C:\Program Files\Common Files\Wise Installation Wizard\
uninstall cmd: MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
publisher: Flagship Industries, Inc.
help link: http://www.ventrilo.com

Windows Support Tools 5.1.2510.0 ({8398B542-3CC4-44D9-83DF-696CCE70124B})
version: 83954126
version (major): 5
version (minor): 1
estimated size: 13040
install date: 20080809
install source: C:\Documents and Settings\Toby Bibeau\Desktop\WinXPPro\SUPPORT\TOOLS\
uninstall cmd: MsiExec.exe /I{8398B542-3CC4-44D9-83DF-696CCE70124B}
publisher: Microsoft Corporation

Microsoft Office Professional Edition 2003 11.0.8173.0 ({90110409-6000-11D3-8CFE-0150048383C9})
version: 184557549
version (major): 11
estimated size: 1053705
install date: 20090813
install source: C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\
uninstall cmd: MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\OFFICE11\1033\OFREADME.HTM

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 9.0.30729 ({9A25302D-30C0-39D9-BD6F-21E6EC160475})
version: 151025673
version (major): 9
estimated size: 10524
install date: 20090709
install source: i:\966562470ea24dc94d8245b40c8ddc\
uninstall cmd: MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
publisher: Microsoft Corporation

Brother MFL-Pro Suite 1.00 ({9A912C12-A7DA-44D7-BD57-5CA85E2F33E1})
version: 16777216
install date: 20070904
install location: C:\Program Files\Brother\Brmfl06a
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}\Setup.exe" -l0x9 Brunin03.dll -removeonly
publisher: Brother Industries, Ltd.

Microsoft .NET Framework 3.0 Service Pack 2 3.2.30729 ({A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7})
version: 50493449
version (major): 3
version (minor): 2
estimated size: 184293
install date: 20090611
install source: C:\DOCUME~1\TOBYBI~1\LOCALS~1\Temp\dotnetfx3530729.01\1033\dotnetfx30\
uninstall cmd: MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=98075

({A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB958483)

Adobe Reader 8.1.2 8.1.2 ({AC76BA86-7AD7-1033-7B44-A81200000003})
version: 134283266
version (major): 8
version (minor): 1
estimated size: 88543
install date: 20080615
install source: C:\Documents and Settings\Toby Bibeau\Local Settings\Application Data\Adobe\Updater5\Install\reader8rdr-en_US\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
publisher: Adobe Systems Incorporated
comments:
contact: Customer Support
help link: http://www.adobe.com/support/main.html

Postby Toby B. » Fri Aug 21, 2009 12:08 pm

HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 3:58:26 PM, on 8/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\BLOCKB~1\BLOCKB~1\MovielinkCore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Crimson Editor\cedt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hjt\HijackThis.exe

R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F0F61477-5546-4E96-8A14-0C2FC134DAC2} - (no file)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [LoadMSvcmm] "C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA6982] command /c del "C:\WINDOWS\system32\drivers\hjgruinscurtbe.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6342] cmd /c del "C:\WINDOWS\system32\drivers\hjgruinscurtbe.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3766] command /c del "C:\WINDOWS\system32\hjgruighqewhbw.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7558] cmd /c del "C:\WINDOWS\system32\hjgruighqewhbw.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA664] command /c del "C:\WINDOWS\system32\hjgruikuppnsch.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5676] cmd /c del "C:\WINDOWS\system32\hjgruikuppnsch.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8383] command /c del "C:\WINDOWS\system32\hjgruincpbjumw.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4106] cmd /c del "C:\WINDOWS\system32\hjgruincpbjumw.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8879] command /c del "C:\WINDOWS\system32\hjgruiovubxmhx.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1714] cmd /c del "C:\WINDOWS\system32\hjgruiovubxmhx.dat"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.3.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0680954281
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\
O20 - Winlogon Notify: ddcCvuVP - C:\WINDOWS\
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: FAH@C:+folding+FAH504-Console.exe - Stanford University - C:\folding\FAH504-Console.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Movielink Core Service - Blockbuster - C:\PROGRA~1\BLOCKB~1\BLOCKB~1\MovielinkCore.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
Toby B.
Lead Mobo-fu Master
 
Posts: 14277
Joined: Sun Dec 16, 2001 1:01 am
Location: Maine
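Added example (not part of the original post, and not HijackThis code): a short Python triage of HijackThis entry lines, run over a few lines copied from the log above. The names `parse` and `triage` and the three bucket names are assumptions made for this example.

```python
import re

# Sample input: a few entry lines copied verbatim from the log posted above.
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\RunOnce: [SpybotDeletingA6982] command /c del "C:\WINDOWS\system32\drivers\hjgruinscurtbe.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6342] cmd /c del "C:\WINDOWS\system32\drivers\hjgruinscurtbe.sys"
O20 - Winlogon Notify: ddcCvuVP - C:\WINDOWS\
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
'''

# Entry lines start with a section code such as R3, O2, O4, O20 or O23.
ENTRY = re.compile(r'^([A-Z]\d{1,2}) - (.*)$')
# RunOnce values that Spybot queued to delete a file at the next boot.
PENDING_DEL = re.compile(
    r'RunOnce: \[SpybotDeleting\w+\] (?:cmd|command) /c del "([^"]+)"')


def parse(log):
    """Return (section_code, body) for every entry line; skip everything else."""
    matches = (ENTRY.match(line.strip()) for line in log.splitlines())
    return [m.groups() for m in matches if m]


def triage(log):
    """Sort entries into review buckets using only what the log text says."""
    report = {'orphaned': [], 'unresolved_path': [], 'pending_delete': []}
    for code, body in parse(log):
        if body.endswith(('(no file)', '(file missing)')):
            # HijackThis found no file behind this entry.
            report['orphaned'].append((code, body))
        elif body.endswith('\\'):
            # Only a folder is shown, so the loaded file is not identified.
            report['unresolved_path'].append((code, body))
        hit = PENDING_DEL.search(body)
        if hit and hit.group(1) not in report['pending_delete']:
            report['pending_delete'].append(hit.group(1))  # de-duplicated
    return report


if __name__ == '__main__':
    for bucket, items in triage(SAMPLE_LOG).items():
        print(bucket, len(items))
        for item in items:
            print('   ', item)
```

A hit in any bucket marks an entry to check by hand in the registry or on disk; it is not a verdict on the entry.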

Postby evasive » Fri Aug 21, 2009 12:57 pm

All I can tell you is that if you do indeed have that dreaded AntiVirus2009 or one of its spinoffs, chances are you want to get out your Windows/programs CDs, make a backup of your stuff now and start anew. Once you have your Windows+programs+updates in order, make an image of the hard disk; it saves you a lot of time when the next infection occurs...
We hate rut, but we fear change.
********************************
System error, strike any user to continue...
evasive
Mobo-fu Master
 
Posts: 37389
Joined: Sun May 06, 2001 12:01 am
Location: Netherlands
